aspupload| upload a bulletin about a class that is considered a virus without component uploads
Recently found that many upload components are considered to be a virus to kill, the specific performance of the client forum named upload.inc,upload_fun.asp file is considered to be a virus file to kill, the specific reason is because many of the domestic forum program using the name "No Fear Upload class" A section of code that is uploaded through the Ado.stream component. This code is considered by many security agencies as a malicious threat to the Web server and has been classified as a backdoor.sinups malicious program since May. For specific security bulletins, see http://www.sarc.com/avcenter/venc/data/backdoor.sinups.html
The so-called "no component upload", Refers to a file upload method implemented through Windows Server built Ado.stream object, generally used in the customer's pictures, files and other web uploading programs, compared to other uploading methods, no component upload no special components requirements, but its upload function is inherited from the ASP internal objects, upload function is not very stable, for a SP script Execution time is high and there is a limit to the size of the upload. Therefore, customers are recommended to use the AspUpload upload components we provide. Use AspUpload can make your site upload function more stable, robust. For AspUpload, most of the programs currently in use can be supported by simply setting up your site program to use the AspUpload upload feature. and ask customers not to use the "No Fear Upload class" code to avoid unnecessary trouble.
Please carefully handle the upload of your site program to avoid potential security potential site.
AspUpload Upload Implementation code below (test pass):
Fileconfig.asp
<%
Dim Uploadfilepath,uploadlimitsize,uploadfileallowext,browerfilepath
Uploadfilepath = "/upfile/" &year (now) & "_" &month (now) & "_" &day (now) & "/"
' File Upload path
Browerfilepath = "/upfile/"
Uploadlimitsize = 1024*50 ' 50M
' Max upload file size, Unit K
Uploadfileallowext = ". txt|. asp|. rar
' Types of files that can be uploaded
function Canupload (Fileurl)
Fileurl = LCase ("|") & Mid (Fileurl, InStrRev (Fileurl, ".") + 1) & "|")
Uploadfileallowextstr = "|" &UploadfileAllowext& "|"
If InStr (Uploadfileallowextstr,fileurl) >0 Then
Canupload = False
Else
Canupload = True
End If
End Function
Function CreateFolder (Filepath)
Dim FSO, F
On Error Resume Next
Set fso = CreateObject ("Scripting.FileSystemObject")
If not FSO. FolderExists (Filepath) Then
Set f = fso. CreateFolder (Filepath)
Set F = Nothing
End If
Set fso = Nothing
End Function
%>
